<?php
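/**
 * Front-end user account operations backed by the tbl_user table: login,
 * registration, password reset helpers, activation and profile editing.
 *
 * Every statement is handed to the project's DB facade as a finished SQL
 * string, so each value that reaches a statement is rendered through one of
 * the private helpers below (quote() for text, id() for numeric keys) instead
 * of being concatenated raw.
 *
 * NOTE(review): passwords are stored as unsalted MD5 (see addUser(),
 * updatepass(), editprofilefront()). That is unsuitable for password storage;
 * moving to password_hash()/password_verify() needs a migration of the stored
 * values and of the login query, which this class cannot do on its own.
 */
class FrontUser
{
	/**
	 * Profile columns of tbl_user that are filled directly from the request,
	 * as column name => request key. Shared by addUser() and
	 * editprofilefront() so both write the same set of fields.
	 *
	 * NOTE(review): usertype is writable by the user at registration and on
	 * every profile edit; if it encodes a role or privilege level it must not
	 * be taken from the request. Confirm what the column means.
	 */
	private static $profileColumns = array(
		'user_firstname'   => 'user_firstname',
		'user_lastname'    => 'user_lastname',
		'user_address'     => 'user_address',
		'user_city'        => 'user_city',
		'user_phone'       => 'user_phone',
		'userfax'          => 'user_fax',
		'secret_question'  => 'secret_question',
		'secret_answer'    => 'secret_answer',
		'Designation'      => 'Designation',
		'companyname'      => 'companyname',
		'companyaddress'   => 'companyaddress',
		'typeofbusiness'   => 'typeofbusiness',
		'industry'         => 'industry',
		'prefferedpayment' => 'prefferedpayment',
		'profession'       => 'profession',
		'nicno'            => 'nicno',
		'usertype'         => 'user_type',
	);

	/**
	 * Normalise a value to a string; arrays and objects become ''.
	 *
	 * Request parameters can arrive as arrays (e.g. "field[]=x"), which would
	 * otherwise be concatenated into SQL as the literal text "Array".
	 */
	private static function text($value)
	{
		return is_scalar($value) ? (string) $value : '';
	}

	/**
	 * Render a value as a single-quoted SQL string literal.
	 *
	 * This is the single choke point for text values. addslashes() is a
	 * stopgap used because the DB facade's own quoting/binding API is not
	 * visible from this file. Known limits: it is not safe with multi-byte
	 * connection charsets such as GBK, nor when the server does not treat
	 * backslash as an escape character. Replace the body with the driver's
	 * quoting function, or better with bound parameters, once the facade
	 * exposes them.
	 *
	 * Assumes values arrive unescaped (no magic_quotes_gpc and no escaping in
	 * CommonFunc::getRequest()); otherwise data is double-escaped. TODO confirm.
	 */
	private static function quote($value)
	{
		return "'" . addslashes(self::text($value)) . "'";
	}

	/**
	 * Render a value as an integer key; non-scalar input becomes 0.
	 *
	 * user_id is compared unquoted in every statement, so anything that is
	 * not an integer must never reach the SQL text.
	 */
	private static function id($value)
	{
		return is_scalar($value) ? (int) $value : 0;
	}

	/** Read one request field as a string, '' when it is absent. */
	private static function field($request, $key)
	{
		return isset($request[$key]) ? self::text($request[$key]) : '';
	}

	/** Integer id of the logged-in user from the session, 0 when not logged in. */
	private static function sessionUserId()
	{
		return isset($_SESSION['user_id']) ? self::id($_SESSION['user_id']) : 0;
	}

	/**
	 * Check credentials and, on success, store the user's identity in the session.
	 *
	 * On failure an error span is echoed. Nothing is returned in either case;
	 * callers detect success through $_SESSION['user_id'].
	 *
	 * NOTE(review): $password is compared with user_passwd as given, while
	 * addUser() stores md5() of the password, so the caller presumably passes
	 * the MD5 digest. Verify against the login form handler.
	 *
	 * @param string $email    Login e-mail address.
	 * @param string $password Value compared against tbl_user.user_passwd.
	 */
	public function validateUser($email, $password)
	{
		$email = self::text($email);
		$password = self::text($password);

		$match = null;
		// Empty credentials never identify an account; skip the query entirely.
		if ($email !== '' && $password !== '') {
			$sql = "SELECT user_id, user_email, user_name, user_passwd, user_firstname, user_lastname
				FROM tbl_user
				WHERE user_email = " . self::quote($email) . "
				AND user_passwd = " . self::quote($password) . "
				AND status = 1";
			$rows = DB::fetchAll($sql);

			if (is_array($rows)) {
				foreach ($rows as $row) {
					// Strict comparison: loose == treats numeric-looking strings
					// (e.g. digests of the form "0e123...") as equal numbers.
					if ($email === (string) $row['user_email'] && $password === (string) $row['user_passwd']) {
						$match = $row;
					}
				}
			}
		}

		if ($match === null) {
			// Also reached when the database matched a row that the exact
			// comparison above rejected; previously that case failed silently.
			echo "<span class='error'>Invalid username or password</span>";
			return;
		}

		// session_register() was removed in PHP 5.4 and must not be combined
		// with $_SESSION; start the session explicitly instead.
		if (session_id() === '') {
			session_start();
		}
		// Issue a fresh session id at the privilege change so that an id known
		// before login cannot be reused afterwards (session fixation).
		session_regenerate_id(true);

		$_SESSION['user_id'] = $match['user_id'];
		$_SESSION['user_name'] = $match['user_name'];
		$_SESSION['user_email'] = $match['user_email'];
		$_SESSION['user_firstname'] = $match['user_firstname'];
		$_SESSION['user_lastname'] = $match['user_lastname'];
	}

	/**
	 * List all countries.
	 *
	 * @return mixed Rows with country_code and country_name, as returned by DB::fetchAll().
	 */
	public function getCountries()
	{
		$sql = "SELECT country_code, country_name
				FROM tbl_country";

		return DB::fetchAll($sql);
	}

	/**
	 * Register a new user with status 0 (not yet activated).
	 *
	 * @param array $request Registration form fields.
	 * @return string|null "uex" when the e-mail is already registered, "suc"
	 *                     when the insert succeeded, null otherwise.
	 */
	public function addUser($request)
	{
		$email = self::field($request, 'user_email');
		if ($this->isEmailexist($email)) {
			return "uex";
		}

		// Column => ready-to-embed SQL fragment. md5() output is hex only, so
		// it needs no escaping; status and registerdate are fixed by the server.
		$values = array(
			'user_email'   => self::quote($email),
			'user_passwd'  => "'" . md5(self::field($request, 'user_passwd')) . "'",
			'status'       => '0',
			'registerdate' => 'now()',
		);
		foreach (self::$profileColumns as $column => $key) {
			$values[$column] = self::quote(self::field($request, $key));
		}

		$sql = "insert into tbl_user (" . implode(',', array_keys($values)) . ")"
			. " values (" . implode(',', $values) . ")";

		if (DB::exec($sql)) {
			return "suc";
		}

		return null;
	}

	/**
	 * Look up accounts by e-mail address.
	 *
	 * NOTE(review): the rows are "select *" results and therefore include
	 * user_passwd and secret_answer; callers only need to know whether a row
	 * exists and should not pass these rows on to a view.
	 *
	 * @param string $email
	 * @return mixed Matching rows as returned by DB::fetchAll(); empty when none.
	 */
	public function isEmailexist($email)
	{
		$sql = "select * from tbl_user where user_email=" . self::quote($email);

		return DB::fetchAll($sql);
	}

	/**
	 * Check a user's answer to the secret question.
	 *
	 * NOTE(review): secret answers are stored and compared in plain text, and
	 * nothing here limits repeated attempts; rate limiting has to happen in
	 * the caller.
	 *
	 * @param int|string $userid
	 * @param string     $securityanswer
	 * @return mixed Matching rows as returned by DB::fetchAll(); empty when the answer is wrong.
	 */
	public function isAnswerCorrect($userid, $securityanswer)
	{
		$sql = "select * from tbl_user where secret_answer=" . self::quote($securityanswer)
			. " and user_id=" . self::id($userid);

		return DB::fetchAll($sql);
	}

	/**
	 * Replace a user's password with the MD5 digest of the given value.
	 *
	 * @param int|string $userid
	 * @param string     $generaterandompassword New clear-text password.
	 * @return mixed Result of DB::exec().
	 */
	public function updatepass($userid, $generaterandompassword)
	{
		$sql = "update tbl_user set user_passwd='" . md5(self::text($generaterandompassword)) . "'"
			. " where user_id=" . self::id($userid);

		return DB::exec($sql);
	}

	/**
	 * Set status = 1 for the given user and echo a confirmation.
	 *
	 * NOTE(review): the confirmation is printed whether or not the update
	 * changed a row, and nothing here verifies that the caller may activate
	 * this id; both checks are left to the caller.
	 *
	 * @param int|string $userid
	 */
	public function activateuser($userid)
	{
		$sql = "update tbl_user set status=1 where user_id=" . self::id($userid);
		DB::exec($sql);

		echo "<span class='success'>Your account is successfully activated</span>";
	}

	/**
	 * Load the full tbl_user row of the logged-in user.
	 *
	 * @return mixed Row as returned by DB::fetchRow().
	 */
	public function getUserInfoById()
	{
		$sql = "SELECT *
				FROM tbl_user
				WHERE user_id = " . self::sessionUserId();

		return DB::fetchRow($sql);
	}

	/**
	 * Load the full tbl_user row for an arbitrary user id.
	 *
	 * The id is not tied to the session, so the caller must check that the
	 * current user is allowed to read that account.
	 *
	 * @param int|string $userid
	 * @return mixed Row as returned by DB::fetchRow().
	 */
	public function getUserInfoById2($userid)
	{
		$sql = "SELECT *
				FROM tbl_user
				WHERE user_id = " . self::id($userid);

		return DB::fetchRow($sql);
	}

	/**
	 * Load the full tbl_user row of the logged-in user.
	 *
	 * Runs the same lookup as getUserInfoById(), so it delegates to it.
	 *
	 * @return mixed Row as returned by DB::fetchRow().
	 */
	public function getUserdetails()
	{
		return $this->getUserInfoById();
	}

	/**
	 * Build the plain-text body of the registration confirmation e-mail.
	 *
	 * NOTE(review): the $request argument is ignored; the fields are re-read
	 * through CommonFunc::getRequest(). Kept as is because that call may
	 * apply filtering the caller's array lacks. Confirm and drop one of the two.
	 *
	 * @param mixed $request Unused, see note above.
	 * @return string Message body.
	 */
	public function getRegmail($request)
	{
		$request = CommonFunc::getRequest();
		$name = self::field($request, 'user_firstname');
		$email = self::field($request, 'user_email');
		$message = self::field($request, 'msg');

		// "Dear" was previously glued to the name, and the separator line ran
		// straight on from the preceding sentence.
		$msgbody = "Dear " . $name . ",\n\n";
		$msgbody .= "Thank you for joining Officesupplies. You will be notified when an admin enables your account\n\n";
		$msgbody .= "----------------------------------------------\n\n";
		$msgbody .= "Name: " . $name . "\n\n" . "Email: " . $email . "\n\n" . "Message :" . $message . "\n\n";
		$msgbody .= "----------------------------------------------\n\n";
		$msgbody .= "This is an auto generated email. Please do not reply";

		return $msgbody;
	}

	/**
	 * Update the logged-in user's profile and echo a confirmation on success.
	 *
	 * The password is only changed when a non-empty user_passwd is submitted.
	 *
	 * NOTE(review): the current password is not asked for before the
	 * password, secret question and secret answer are replaced.
	 *
	 * @param array $request Profile form fields.
	 */
	public function editprofilefront($request)
	{
		$userId = self::sessionUserId();
		if ($userId <= 0) {
			// No logged-in user: there is no row to update.
			return;
		}

		$assignments = array();

		$newPassword = self::field($request, 'user_passwd');
		if (strlen($newPassword) > 0) {
			$assignments[] = "user_passwd='" . md5($newPassword) . "'";
		}

		// usertype used to be embedded unquoted; it is now a quoted literal
		// like every other field, matching how addUser() inserts it.
		foreach (self::$profileColumns as $column => $key) {
			$assignments[] = $column . "=" . self::quote(self::field($request, $key));
		}

		$sql = "update tbl_user set " . implode(',', $assignments) . " WHERE user_id=" . $userId;

		if (DB::exec($sql)) {
			echo "<span class='success'>Profile has been successfully updated</span>";
		}
	}
}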
?>